<!doctype html>

<html>
<head>
  <link rel="shortcut icon" href="static/images/favicon.ico" type="image/x-icon">
  <title>data.js (Closure Library API Documentation - JavaScript)</title>
  <link rel="stylesheet" href="static/css/base.css">
  <link rel="stylesheet" href="static/css/doc.css">
  <link rel="stylesheet" href="static/css/sidetree.css">
  <link rel="stylesheet" href="static/css/prettify.css">

  <script>
     var _staticFilePath = "static/";
     var _typeTreeName = "goog";
     var _fileTreeName = "Source";
  </script>

  <script src="static/js/doc.js">
  </script>


  <meta charset="utf8">
</head>

<body onload="grokdoc.onLoad();">

<div id="header">
  <div class="g-section g-tpl-50-50 g-split">
    <div class="g-unit g-first">
      <a id="logo" href="index.html">Closure Library API Documentation</a>
    </div>

    <div class="g-unit">
      <div class="g-c">
        <strong>Go to class or file:</strong>
        <input type="text" id="ac">
      </div>
    </div>
  </div>
</div>

<div class="clear"></div>

<h2><a href="closure_goog_soy_data.js.html">data.js</a></h2>

<pre class="prettyprint lang-js">
<a name="line1"></a>// Copyright 2012 The Closure Library Authors. All Rights Reserved.
<a name="line2"></a>//
<a name="line3"></a>// Licensed under the Apache License, Version 2.0 (the &quot;License&quot;);
<a name="line4"></a>// you may not use this file except in compliance with the License.
<a name="line5"></a>// You may obtain a copy of the License at
<a name="line6"></a>//
<a name="line7"></a>//      http://www.apache.org/licenses/LICENSE-2.0
<a name="line8"></a>//
<a name="line9"></a>// Unless required by applicable law or agreed to in writing, software
<a name="line10"></a>// distributed under the License is distributed on an &quot;AS-IS&quot; BASIS,
<a name="line11"></a>// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
<a name="line12"></a>// See the License for the specific language governing permissions and
<a name="line13"></a>// limitations under the License.
<a name="line14"></a>
<a name="line15"></a>/**
<a name="line16"></a> * @fileoverview Soy data primitives.
<a name="line17"></a> *
<a name="line18"></a> * The goal is to encompass data types used by Soy, especially to mark content
<a name="line19"></a> * as known to be &quot;safe&quot;.
<a name="line20"></a> *
<a name="line21"></a> * @author gboyer@google.com (Garrett Boyer)
<a name="line22"></a> */
<a name="line23"></a>
<a name="line24"></a>goog.provide(&#39;goog.soy.data&#39;);
<a name="line25"></a>goog.provide(&#39;goog.soy.data.SanitizedContent&#39;);
<a name="line26"></a>goog.provide(&#39;goog.soy.data.SanitizedContentKind&#39;);
<a name="line27"></a>
<a name="line28"></a>
<a name="line29"></a>/**
<a name="line30"></a> * A type of textual content.
<a name="line31"></a> *
<a name="line32"></a> * This is an enum of type Object so that these values are unforgeable.
<a name="line33"></a> *
<a name="line34"></a> * @enum {!Object}
<a name="line35"></a> */
<a name="line36"></a>goog.soy.data.SanitizedContentKind = {
<a name="line37"></a>
<a name="line38"></a>  /**
<a name="line39"></a>   * A snippet of HTML that does not start or end inside a tag, comment, entity,
<a name="line40"></a>   * or DOCTYPE; and that does not contain any executable code
<a name="line41"></a>   * (JS, {@code &lt;object&gt;}s, etc.) from a different trust domain.
<a name="line42"></a>   */
<a name="line43"></a>  HTML: goog.DEBUG ? {sanitizedContentKindHtml: true} : {},
<a name="line44"></a>
<a name="line45"></a>  /**
<a name="line46"></a>   * Executable Javascript code or expression, safe for insertion in a
<a name="line47"></a>   * script-tag or event handler context, known to be free of any
<a name="line48"></a>   * attacker-controlled scripts. This can either be side-effect-free
<a name="line49"></a>   * Javascript (such as JSON) or Javascript that entirely under Google&#39;s
<a name="line50"></a>   * control.
<a name="line51"></a>   */
<a name="line52"></a>  JS: goog.DEBUG ? {sanitizedContentJsStrChars: true} : {},
<a name="line53"></a>
<a name="line54"></a>  /**
<a name="line55"></a>   * A sequence of code units that can appear between quotes (either kind) in a
<a name="line56"></a>   * JS program without causing a parse error, and without causing any side
<a name="line57"></a>   * effects.
<a name="line58"></a>   * &lt;p&gt;
<a name="line59"></a>   * The content should not contain unescaped quotes, newlines, or anything else
<a name="line60"></a>   * that would cause parsing to fail or to cause a JS parser to finish the
<a name="line61"></a>   * string its parsing inside the content.
<a name="line62"></a>   * &lt;p&gt;
<a name="line63"></a>   * The content must also not end inside an escape sequence ; no partial octal
<a name="line64"></a>   * escape sequences or odd number of &#39;{@code \}&#39;s at the end.
<a name="line65"></a>   */
<a name="line66"></a>  JS_STR_CHARS: goog.DEBUG ? {sanitizedContentJsStrChars: true} : {},
<a name="line67"></a>
<a name="line68"></a>  /** A properly encoded portion of a URI. */
<a name="line69"></a>  URI: goog.DEBUG ? {sanitizedContentUri: true} : {},
<a name="line70"></a>
<a name="line71"></a>  /**
<a name="line72"></a>   * Repeated attribute names and values. For example,
<a name="line73"></a>   * {@code dir=&quot;ltr&quot; foo=&quot;bar&quot; onclick=&quot;trustedFunction()&quot; checked}.
<a name="line74"></a>   */
<a name="line75"></a>  ATTRIBUTES: goog.DEBUG ? {sanitizedContentHtmlAttribute: true} : {},
<a name="line76"></a>
<a name="line77"></a>  // TODO: Consider separating rules, declarations, and values into
<a name="line78"></a>  // separate types, but for simplicity, we&#39;ll treat explicitly blessed
<a name="line79"></a>  // SanitizedContent as allowed in all of these contexts.
<a name="line80"></a>  /**
<a name="line81"></a>   * A CSS3 declaration, property, value or group of semicolon separated
<a name="line82"></a>   * declarations.
<a name="line83"></a>   */
<a name="line84"></a>  CSS: goog.DEBUG ? {sanitizedContentCss: true} : {},
<a name="line85"></a>
<a name="line86"></a>  /**
<a name="line87"></a>   * Unsanitized plain-text content.
<a name="line88"></a>   *
<a name="line89"></a>   * This is effectively the &quot;null&quot; entry of this enum, and is sometimes used
<a name="line90"></a>   * to explicitly mark content that should never be used unescaped. Since any
<a name="line91"></a>   * string is safe to use as text, being of ContentKind.TEXT makes no
<a name="line92"></a>   * guarantees about its safety in any other context such as HTML.
<a name="line93"></a>   */
<a name="line94"></a>  TEXT: goog.DEBUG ? {sanitizedContentKindText: true} : {}
<a name="line95"></a>};
<a name="line96"></a>
<a name="line97"></a>
<a name="line98"></a>
<a name="line99"></a>/**
<a name="line100"></a> * A string-like object that carries a content-type.
<a name="line101"></a> *
<a name="line102"></a> * IMPORTANT! Do not create these directly, nor instantiate the subclasses.
<a name="line103"></a> * Instead, use a trusted, centrally reviewed library as endorsed by your team
<a name="line104"></a> * to generate these objects. Otherwise, you risk accidentally creating
<a name="line105"></a> * SanitizedContent that is attacker-controlled and gets evaluated unescaped in
<a name="line106"></a> * templates.
<a name="line107"></a> *
<a name="line108"></a> * @constructor
<a name="line109"></a> */
<a name="line110"></a>goog.soy.data.SanitizedContent = function() {
<a name="line111"></a>  throw Error(&#39;Do not instantiate directly&#39;);
<a name="line112"></a>};
<a name="line113"></a>
<a name="line114"></a>
<a name="line115"></a>/**
<a name="line116"></a> * The context in which this content is safe from XSS attacks.
<a name="line117"></a> * @type {goog.soy.data.SanitizedContentKind}
<a name="line118"></a> */
<a name="line119"></a>goog.soy.data.SanitizedContent.prototype.contentKind;
<a name="line120"></a>
<a name="line121"></a>
<a name="line122"></a>/**
<a name="line123"></a> * The already-safe content.
<a name="line124"></a> * @type {string}
<a name="line125"></a> */
<a name="line126"></a>goog.soy.data.SanitizedContent.prototype.content;
<a name="line127"></a>
<a name="line128"></a>
<a name="line129"></a>/** @override */
<a name="line130"></a>goog.soy.data.SanitizedContent.prototype.toString = function() {
<a name="line131"></a>  return this.content;
<a name="line132"></a>};
</pre>


</body>
</html>
